Score:0

Apache virtualhost port 443 serves content from port 80 configuration

I'm running Apache 2.4.52 on Ubuntu Server 22.04. I'm trying to run https through port 443, eventually aiming to have a redirect from port 80 to force content on https. However, Apache seems to be using the DocumentRoot from the port 80 config, despite the browser connecting to the https url and being served the right SSL certificate.

For example:

<VirtualHost *:80>

        ServerName [mydomain]
        ServerAlias [www.mydomain]
        DocumentRoot /var/www/testpage1/

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        #RewriteEngine On
        #RewriteCond %{HTTPS} off
        #RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI}
        #Redirect permanent / https://[mydomain]

</VirtualHost>

<VirtualHost *:443>

        ServerName [mydomain]
        ServerAlias [www.mydomain]
        DocumentRoot /var/www/testpage2/
        
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        SSLEngine on
        SSLCertificateFile /etc/letsencrypt/live/[mydomain]/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/[mydomain]/privkey.pem

</VirtualHost>

results in the index.html from "/var/www/testpage1/" being shown instead of testpage2.


At this point, if I uncomment either

#RewriteEngine On
#RewriteCond %{HTTPS} off
#RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI}

or

#RewriteEngine On
#Redirect permanent / https://[mydomain]

it just hits me with an "ERR_TOO_MANY_REDIRECTS".

If I comment out the DocumentRoot in the port 80 config, both the http and https url take me to the Apache default config page.

And if I comment out the ServerName and ServerAlias in either the 80 or 443 config, both still take me to testpage1.


My ports.conf in /etc/apache2/ looks like this:

Listen 80

<IfModule ssl_module>
        Listen 443
</IfModule>

<IfModule mod_gnutls.c>
        Listen 443
</IfModule>

I've checked that the ssl module is turned on.

In the Apache error logs, there is an AH01909 "server certificate does NOT include an ID which matches the server name" warning. Could this be an issue, or is there something else I'm missing?

Thanks for any help.

ezra-s
Make sure you are landing in the virtualhost you are showing. If Apache tells you the certificate does not match the servername, check "apachectl -S" output to see which virtualhosts you have defined.
Sit399
@DanielFerradal I've fixed the certificate matching server name issue by moving the certificate to another directory. The virtualhost configuration as per "apachectl -S" seems to be pointing to the correct conf file, but the problem still persists.
ezra-s
Like I said, check "apachectl -S" output and even set specific log files for each virtualhost to make sure you know where you are landing, because either you are requesting the wrong name or some other virtualhost defined "earlier" in your config has a greedy name and is catching the request.
Sit399
@DanielFerradal thanks for all your help with diagnosis. It turned out I was just stupid and didn't allow https through my firewall, rather than it being an Apache virtualhost issue - details in answer.
Score:2

As stupid as it seems, and after weeks of headache, it turns out I just didn't allow HTTPS traffic through my firewall.

As I proxied my site through Cloudflare, what I thought was the correct SSL certificate was actually the Cloudflare Edge certificates. As the SSL/TLS encryption mode wasn't on strict, the site requested by Cloudflare from my server was still served through port 80, but the traffic between my browser and Cloudflare was still encrypted so it still displayed as https on my browser.

sudo ufw allow 'Apache Full' and setting the encryption mode to strict ended up fixing all the issues.
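
The checks this answer arrived at, as an added example that is not part of the original post: it tests the firewall rule, whether the public URL is answered by Cloudflare, and whether the origin itself serves the locally configured certificate on 443. The function names and the sample `ufw status` output are constructed; the origin IP, hostname and certificate path are arguments you supply.

```shell
#!/bin/sh
# Added example: confirm HTTPS reaches Apache itself, not just the CDN edge.
# Function names and sample outputs are constructed for illustration.

# Reads `ufw status` on stdin; succeeds if an ALLOW rule covers tcp/443.
ufw_allows_443() {
    awk '/^Status: inactive/ { ok = 1 }   # firewall off, nothing filtered
         /^(443(\/tcp)?|80,443\/tcp|Apache (Full|Secure))[ \t]+ALLOW/ { ok = 1 }
         END { exit !ok }'
}

# Reads response headers on stdin; succeeds if Cloudflare answered the request.
served_by_cloudflare() { grep -qi '^cf-ray:'; }

# $1 = origin IP, $2 = hostname, $3 = certificate file Apache is configured with.
# Succeeds only if the origin answers on 443 with that same certificate.
origin_serves_local_cert() {
    served=$(timeout 10 openssl s_client -connect "$1:443" -servername "$2" \
                 </dev/null 2>/dev/null | openssl x509 -noout -fingerprint -sha256 2>/dev/null)
    [ -n "$served" ] && [ "$served" = "$(openssl x509 -in "$3" -noout -fingerprint -sha256)" ]
}

# Constructed `ufw status` output: before and after `ufw allow 'Apache Full'`.
sample_ufw_before() { printf '%s\n' 'Status: active' '' \
    'To                         Action      From' \
    '--                         ------      ----' \
    'OpenSSH                    ALLOW       Anywhere' \
    'Apache                     ALLOW       Anywhere'; }
sample_ufw_after() { sample_ufw_before; printf '%s\n' \
    'Apache Full                ALLOW       Anywhere'; }

if [ "$#" -eq 3 ]; then      # live run as root: ./check.sh ORIGIN_IP HOSTNAME CERT_FILE
    ufw status | ufw_allows_443 || echo "ufw: no ALLOW rule for tcp/443"
    curl -sI "https://$2/" | served_by_cloudflare &&
        echo "https://$2/ is answered by Cloudflare; its certificate is the edge one"
    if origin_serves_local_cert "$@"; then echo "origin answers on 443 with $3"
    else echo "origin 443 unreachable or serving a different certificate"; fi
else                         # offline demo on the constructed samples
    for s in sample_ufw_before sample_ufw_after; do
        if "$s" | ufw_allows_443; then echo "$s: 443 allowed"
        else echo "$s: 443 blocked"; fi
    done
fi
```

While the proxy fetches the origin over plain HTTP, an HTTP-to-HTTPS redirect on the port 80 virtual host sends every proxied request back to the same place, which is the ERR_TOO_MANY_REDIRECTS described in the question.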
